Dot1x radius-attributes vlan – Allied Telesis AT-S95 CLI User Manual

802.1x Commands

Page 385

User Guidelines

The command is relevant when multiple hosts is disabled and the user has been successfully authenticated.

Example

The following example forwards frames with source addresses that are not the supplicant address and sends
consecutive traps at intervals of 100 seconds.

dot1x radius-attributes vlan

Use The dot1x radius-attributes vlan Interface Configuration command enables user-based VLAN assignment.
Use the no form of this command to disable user-based VLAN assignment.

Syntax

dot1x radius-attributes vlan

no dot1x radius-attributes vlan

Parameters

This command has no arguments or keywords.

Default Configuration

Disabled.

Command Mode

Interface Configuration (Ethernet) mode

User Guidelines

The command configuration is allowed only when the port is Forced Authorized.

Radius attributes are supported only in the multiple sessions mode (multiple hosts with authentication).

When Radius attributes are enabled and the Radius Accept message does not contain as an attribute the
supplicant’s VLAN then the supplicant is rejected.

Packets to the supplicant are sent untagged.

After successful authentication the port remains as a member in the unauthenticated VLANs and in the Guest
VLAN. Other static VLAN configurations are not applied on the port.

If the supplicant VLAN does not exist on the switch, the supplicant is rejected.

Examples

The following example enables user-based VLAN assignment.

console(config)# interface ethernet 1/e16
console(config-if)# dot1x single-host-violation forward trap 100

console(config)# interface ethernet 1/e16
console(config-if)# dot1x radius-attributes vlan